Cisco CCNA 2 Routing and Switching, Exercises of Computer Networks

Cisco CCNA 2 Routing and Switching Instructor Lab Manual

Typology: Exercises

2016/2017

Uploaded on 09/19/2017

dusan-stamenkovic-1
CCNA Routing and Switching:
Routing and Switching Essentials
Instructor Packet Tracer Manual
This document is exclusive property of Cisco Systems, Inc. Permission is granted
to print and copy this document for non-commercial distribution and exclusive
use by instructors in the CCNA Routing and Switching: Routing and Switching
Essentials course as part of an official Cisco Networking Academy Program.

Packet Tracer - Skills Integration Challenge (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Addressing Table

Device        Interface   IP Address    Subnet Mask
[[S1Name]]    VLAN 1      [[S1Add]]     255.255.255.
[[S2Name]]    VLAN 1      [[S2Add]]     255.255.255.
[[PC1Name]]   NIC         [[PC1Add]]    255.255.255.
[[PC2Name]]   NIC         [[PC2Add]]    255.255.255.

Objectives

• Configure hostnames and IP addresses on two Cisco Internetwork Operating System (IOS) switches using the command-line interface (CLI).
• Use Cisco IOS commands to specify or limit access to the device configurations.
• Use IOS commands to save the running configuration.
• Configure two host devices with IP addresses.
• Verify connectivity between the two PC end devices.

Scenario

As a recently hired LAN technician, your network manager has asked you to demonstrate your ability to configure a small LAN. Your tasks include configuring initial settings on two switches using the Cisco IOS and configuring IP address parameters on host devices to provide end-to-end connectivity. You are to use two switches and two hosts/PCs on a cabled and powered network.

Requirements

• Use a console connection to access each switch.
• Name [[S1Name]] and [[S2Name]] switches.
• Use the [[LinePW]] password for all lines.
• Use the [[SecretPW]] secret password.
• Encrypt all clear text passwords.
• Include the word warning in the message-of-the-day (MOTD) Banner.
• Configure addressing for all devices according to the Addressing Table.
• Save your configurations.
• Verify connectivity between all devices.

Note: Click Check Results to see your progress. Click Reset Activity to generate a new set of requirements.

Instructor Notes

The following information is for the Instructor version only.


Topology Isomorphs

Packet Tracer - Configuring SSH (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device   Interface   IP Address     Subnet Mask
S1       VLAN 1      10.10.10.2     255.255.255.
PC1      NIC         10.10.10.10    255.255.255.

Objectives

Part 1: Secure Passwords
Part 2: Encrypt Communications
Part 3: Verify SSH Implementation

Background

SSH should replace Telnet for management connections. Telnet uses insecure plain text communications. SSH provides security for remote connections by providing strong encryption of all transmitted data between devices. In this activity, you will secure a remote switch with password encryption and SSH.

Part 1: Secure Passwords

a. Using the command prompt on PC1, Telnet to S1. The user EXEC and privileged EXEC password is cisco.
b. Save the current configuration so that any mistakes you might make can be reversed by toggling the power for S.
c. Show the current configuration and note that the passwords are in plain text. Enter the command that encrypts plain text passwords:
   S1(config)# service password-encryption
d. Verify that the passwords are encrypted.

Part 2: Encrypt Communications

Step 1: Set the IP domain name and generate secure keys.

It is generally not safe to use Telnet, because data is transferred in plain text. Therefore, use SSH whenever it is available.

a. Configure the domain name to be netacad.pka.
   S1(config)# ip domain-name netacad.pka

Packet Tracer - Configuring Switch Port Security (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device         Interface   IP Address     Subnet Mask
S1             VLAN 1      10.10.10.2     255.255.255.
PC1            NIC         10.10.10.10    255.255.255.
PC2            NIC         10.10.10.11    255.255.255.
Rogue Laptop   NIC         10.10.10.12    255.255.255.

Objective

Part 1: Configure Port Security
Part 2: Verify Port Security

Background

In this activity, you will configure and verify port security on a switch. Port security allows you to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

Part 1: Configure Port Security

a. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2.
   S1(config)# interface range fa0/1 - 2
   S1(config-if-range)# switchport port-security
b. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.
   S1(config-if-range)# switchport port-security maximum 1
c. Secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration.
   S1(config-if-range)# switchport port-security mac-address sticky
d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but packets are dropped from an unknown source.
   S1(config-if-range)# switchport port-security violation restrict
e. Disable all the remaining unused ports. Hint: Use the range keyword to apply this configuration to all the ports simultaneously.
   S1(config-if-range)# interface range fa0/3 - 24 , gi1/1 - 2
   S1(config-if-range)# shutdown

Part 2: Verify Port Security

a. From PC1, ping PC.
b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were added to the running configuration.
c. Attach Rogue Laptop to any unused switch port and notice that the link lights are red.
d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the port connected to Rogue Laptop.
e. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue Laptop is unable to ping PC.
f. Display the port security violations for the port Rogue Laptop is connected to.
   S1# show port-security interface fa0/
g. Disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC.
h. Why is PC2 able to ping PC1, but the Rogue Laptop is not?
   The port security that was enabled on the port only allowed the device, whose MAC was learned first, access to the port while preventing all other devices access.
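The behaviour verified in Part 2, modelled as an added example that is not part of the lab manual: one secure port with sticky learning and a maximum of one MAC address, replayed once with the lab's restrict mode and once with the IOS default shutdown mode. The MAC addresses and the port name FastEthernet0/2 are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

# Constructed MAC addresses; the lab manual does not list them.
PC2_MAC = "0060.5c5b.cd23"
ROGUE_MAC = "00e0.f7b1.8901"


@dataclass
class SecurePort:
    """Simplified model of one port with 'switchport port-security' enabled."""
    name: str
    maximum: int = 1              # switchport port-security maximum <n>
    violation: str = "shutdown"   # IOS default; the lab sets 'restrict'
    sticky: list = field(default_factory=list)  # learned secure MACs
    violations: int = 0           # counter in 'show port-security interface'
    err_disabled: bool = False

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False
        if src_mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.append(src_mac)   # sticky learning of the first device
            return True
        self.violations += 1              # unknown MAC and the table is full
        if self.violation == "shutdown":
            self.err_disabled = True      # stays down until an admin re-enables it
        return False

    def sticky_config_lines(self) -> list:
        """Lines that sticky learning adds to the running configuration."""
        return [f" switchport port-security mac-address sticky {m}"
                for m in self.sticky]


def replay_part2(violation: str):
    """PC2 talks first, Rogue Laptop takes its port, then PC2 is reconnected."""
    port = SecurePort("FastEthernet0/2", maximum=1, violation=violation)
    forwarded = [port.receive(PC2_MAC),
                 port.receive(ROGUE_MAC),
                 port.receive(PC2_MAC)]
    return port, forwarded


if __name__ == "__main__":
    for mode in ("restrict", "shutdown"):
        port, forwarded = replay_part2(mode)
        print(mode, forwarded, "violations:", port.violations,
              "err-disabled:", port.err_disabled)
```

With restrict, PC2 works again as soon as it is reconnected; with shutdown, the single violation leaves the port disabled for PC2 as well.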

Packet Tracer - Skills Integration Challenge (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device   Interface   IP Address     Subnet Mask
S1       VLAN 1      10.10.10.2     255.255.255.
PC1      NIC         10.10.10.10    255.255.255.
PC2      NIC         10.10.10.11    255.255.255.

Scenario

The network administrator asked you to configure a new switch. In this activity, you will use a list of requirements to configure the new switch with initial settings, SSH, and port security.

Requirements

• Configure S1 with the following initial settings:
  • Hostname
  • Banner that includes the word warning
  • Console port login and password cisco
  • Encrypted enable password of class
  • Encrypt plain text passwords
  • Management interface addressing
• Configure SSH to secure remote access with the following settings:
  • Domain name of cisco.com
  • RSA key-pair parameters to support SSH version 2
  • Set SSH version 2
  • User admin with secret password ccna
  • VTY lines only accept SSH connections and use local login for authentication
• Configure the port security feature to restrict network access:
  • Disable all unused ports.
  • Set the interface mode to access.
  • Enable port security to allow only two hosts per port.
  • Record the MAC address in the running configuration.
  • Ensure that port violations disable ports.

Script

enable
config t
service password-encryption
!
hostname S
!
enable secret class
!
ip ssh version 2
ip domain-name cisco.com
!
username admin secret ccna
!
crypto key generate rsa
1024

interface range FastEthernet0/1 - 2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
interface range FastEthernet0/3 - 24 , g1/1 - 2
 shutdown
!
interface Vlan
 ip address 10.10.10.2 255.255.255.
 no shutdown
!
banner motd #Warning, unauthorized access is prohibited#
!
line con 0
 password cisco
 login
!
line vty 0 15
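One way to check a switch against the requirements listed above, and against the SSH hardening goals of the Configuring SSH activity, is to audit its saved configuration. The following Python sketch is an added example, not part of the lab manual or its answer script; both configuration excerpts are constructed, and the function names are hypothetical.

```python
# Constructed 'show running-config' excerpt that meets the challenge requirements.
HARDENED = """\
service password-encryption
enable secret 5 $1$constructed
ip ssh version 2
username admin secret 5 $1$constructed
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
interface FastEthernet0/3
 shutdown
banner motd ^CWarning, unauthorized access is prohibited^C
line vty 0 15
 transport input ssh
 login local
"""
# Constructed weak variant: no password encryption, Telnet on the VTYs, Fa0/3 left up.
WEAK = (HARDENED.replace("service password-encryption\n", "")
        .replace(" transport input ssh\n", " transport input telnet\n")
        .replace(" shutdown\n", ""))

def parse_sections(config):
    """Group sub-commands under their 'interface ...' or 'line ...' header."""
    sections, current = {"global": []}, "global"
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        if raw.startswith(" "):            # indented: belongs to the open section
            sections[current].append(line)
        elif line.startswith(("interface ", "line ")):
            current = line
            sections[current] = []
        else:
            current = "global"
            sections["global"].append(line)
    return sections

def audit(config):
    """Return the challenge requirements that the configuration misses."""
    sections = parse_sections(config)
    glob = sections["global"]
    required = {"service password-encryption": "plain text passwords are not encrypted",
                "ip ssh version 2": "SSH version 2 is not set"}
    findings = [msg for cmd, msg in required.items() if cmd not in glob]
    if not any(l.startswith("enable secret ") for l in glob):
        findings.append("no enable secret")
    if not any(l.startswith("banner motd") and "warning" in l.lower() for l in glob):
        findings.append("MOTD banner has no warning")
    for name, body in sections.items():
        if name.startswith("line vty"):
            for cmd in ("transport input ssh", "login local"):
                if cmd not in body:
                    findings.append(f"{name}: missing '{cmd}'")
        elif name.startswith("interface FastEthernet") and "shutdown" not in body:
            if not {"switchport mode access", "switchport port-security"} <= set(body):
                findings.append(f"{name}: enabled without port security")
    return findings
```

Calling `audit(WEAK)` reports the three gaps introduced in the weak variant, while `audit(HARDENED)` returns an empty list.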

Packet Tracer – Who Hears the Broadcast? (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Objectives

Part 1: Observe Broadcast Traffic in a VLAN Implementation
Part 2: Complete Review Questions

Scenario

In this activity, a 24-port Catalyst 2960 switch is fully populated. All ports are in use. You will observe broadcast traffic in a VLAN implementation and answer some reflection questions.

Part 1: Observe Broadcast Traffic in a VLAN Implementation

Step 1: Use ping to generate traffic.

a. Click PC0 and click the Desktop tab > Command Prompt.
b. Enter the ping 192.168.1.8 command. The ping should succeed.

Unlike a LAN, a VLAN is a broadcast domain created by switches. Using Packet Tracer Simulation mode, ping the end devices within their own VLAN. Based on your observation, answer the questions in Step 2.

Step 2: Generate and examine broadcast traffic.

a. Switch to Simulation mode.
b. Click Edit Filters in the Simulation Panel. Uncheck the Show All/None checkbox. Check the ICMP checkbox.
c. Click the Add Complex PDU tool, this is the open envelope icon on the right toolbar.
d. Float the mouse cursor over the topology and the pointer changes to an envelope with a plus (+) sign.
e. Click PC0 to serve as the source for this test message and the Create Complex PDU dialog window opens. Enter the following values:
   • Destination IP Address: 255.255.255.255 (broadcast address)
   • Sequence Number: 1
   • One Shot Time: 0
   Within the PDU settings, the default for Select Application: is PING. What are at least 3 other applications available for use?
   DNS, FINGER, FTP, HTTP, HTTPS, IMAP, NETBIOS, PING, POP3, SFTP, SMTP, SNMP, SSH, TELNET, TFTP and OTHER
f. Click Create PDU. This test broadcast packet now appears in the Simulation Panel Event List. It also appears in the PDU List window. It is the first PDU for Scenario 0.
g. Click Capture/Forward twice. What happened to the packet?
   The packet is sent to the switch and then broadcast to all of the PCs that belong to the same VLAN and in this case, VLAN 10.
h. Repeat this process for PC8 and PC.

Part 2: Complete Review Questions

  1. If a PC in VLAN 10 sends a broadcast message, which devices receive it? All end devices on VLAN 10
  2. If a PC in VLAN 20 sends a broadcast message, which devices receive it? All end devices on VLAN 20
  3. If a PC in VLAN 30 sends a broadcast message, which devices receive it? All end devices on VLAN 30
  4. What happens to a frame sent from a PC in VLAN 10 to a PC in VLAN 30? It will be dropped because they are not on the same VLAN.
  5. Which ports on the switch light up if a PC connected to port 11 sends a unicast message to a PC connected to port 13? Ports 11 and 13 will light up.
  6. Which ports on the switch light up if a PC connected to port 2 sends a unicast message to a PC connected to port 23? The packet will be dropped.
  7. In terms of ports, what are the collision domains on the switch? Each port is its own collision domain.
  8. In terms of ports, what are the broadcast domains on the switch? Each VLAN is its own broadcast domain.

Suggested Scoring Rubric

There are 10 questions worth 10 points each.

Packet Tracer – Investigating a VLAN Implementation

Addressing Table

Device   Interface   IP Address      Subnet Mask      Default Gateway
S1       VLAN 99     172.17.99.31    255.255.255.0    N/A
S2       VLAN 99     172.17.99.32    255.255.255.0    N/A
S3       VLAN 99     172.17.99.33    255.255.255.0    N/A
PC1      NIC         172.17.10.21    255.255.255.0    172.17.10.
PC2      NIC         172.17.20.22    255.255.255.0    172.17.20.
PC3      NIC         172.17.30.23    255.255.255.0    172.17.30.
PC4      NIC         172.17.10.24    255.255.255.0    172.17.10.
PC5      NIC         172.17.20.25    255.255.255.0    172.17.20.
PC6      NIC         172.17.30.26    255.255.255.0    172.17.30.
PC7      NIC         172.17.10.27    255.255.255.0    172.17.10.
PC8      NIC         172.17.20.28    255.255.255.0    172.17.20.
PC9      NIC         172.17.30.29    255.255.255.0    172.17.30.

Objectives

Part 1: Observe Broadcast Traffic in a VLAN Implementation
Part 2: Observe Broadcast Traffic without VLANs
Part 3: Complete Reflection Questions

Background

In this activity, you will observe how broadcast traffic is forwarded by the switches when VLANs are configured and when VLANs are not configured.

Part 1: Observe Broadcast Traffic in a VLAN Implementation

Step 1: Ping from PC1 to PC6.

a. Wait for all the link lights to turn to green. To accelerate this process, click Fast Forward Time located in the bottom yellow tool bar.
b. Click the Simulation tab and use the Add Simple PDU tool. Click on PC1, and then click on PC.
c. Click the Capture/Forward button to step through the process. Observe the ARP requests as they traverse the network. When the Buffer Full window appears, click the View Previous Events button.
d. Were the pings successful? Why?
   No, the pings were not successful because PC1 is on a different VLAN than PC6, which won’t allow these devices to communicate with each other because they are separated logically.
e. Look at the Simulation Panel, where did S3 send the packet after receiving it?
   S3 sent it to PC4 because it was on the same VLAN as PC1.

In normal operation, when a switch receives a broadcast frame on one of its ports, it forwards the frame out all other ports. Notice that S2 only sends the ARP request out Fa0/1 to S1. Also notice that S3 only sends the ARP request out F0/11 to PC4. PC1 and PC4 both belong to VLAN 10. PC6 belongs to VLAN 30. Because broadcast traffic is contained within the VLAN, PC6 never receives the ARP request from PC1. Because PC is not the destination, it discards the ARP request. The ping from PC1 fails because PC1 never receives an ARP reply.

Step 2: Ping from PC1 to PC4.

a. Click the New button under the Scenario 0 dropdown tab. Now click on the Add Simple PDU icon on the right side of Packet Tracer and ping from PC1 to PC.
b. Click the Capture/Forward button to step through the process. Observe the ARP requests as they traverse the network. When the Buffer Full window appears, click the View Previous Events button.
c. Were the pings successful? Why?
   Yes, because PC1 and PC4 both belong to VLAN 10, so the path of the ARP request is the same as before. Because PC4 is the destination, it replies to the ARP request. PC1 is then able to send the ping with the destination MAC address for PC4.
d. Examine the Simulation Panel. When the packet reached S1, why does it also forward the packet to PC7?
   Because PC7 also belongs to VLAN 10 and the ARP request was for VLAN 10, switches will forward to any devices that are connected to VLAN 10 in their port.

Part 2: Observe Broadcast Traffic without VLANs

Step 1: Clear the configurations on all three switches and delete the VLAN database.

a. Return to Realtime mode.
b. Delete the startup configuration on all 3 switches. What command is used to delete the startup configuration of the switches?
   Switch# erase startup-config
c. Where is the VLAN file stored in the switches?
   flash:vlan.dat
d. Delete the VLAN file on all 3 switches. What command deletes the VLAN file stored in the switches?
   Switch# delete vlan.dat

Step 2: Reload the switches.

Use the reload command in privileged EXEC mode to reset all the switches. Wait for the entire link to turn green. To accelerate this process, click Fast Forward Time located in the bottom yellow tool bar.

Step 3: Click Capture/Forward to send ARP requests and pings.

a. After the switches reload and the link lights return to green, the network is ready to forward your ARP and ping traffic.
b. Select Scenario 0 from the drop down tab to return to Scenario 0.
c. From Simulation mode, click the Capture/Forward button to step through the process. Notice that the switches now forward the ARP requests out all ports, except the port on which the ARP request was received. This default action of switches is why VLANs can improve network performance. Broadcast traffic is contained within each VLAN. When the Buffer Full window appears, click the View Previous Events button.

Part 3: Complete Reflection Questions

  1. If a PC in VLAN 10 sends a broadcast message, which devices receive it? All devices that are on VLAN 10
  2. If a PC in VLAN 20 sends a broadcast message, which devices receive it? All devices that are on VLAN 20

Packet Tracer – Configuring VLANs (Instructor Version)

Instructor Note: Red font color or Gray highlights indicate text that appears in the instructor copy only.

Topology

Addressing Table

Device   Interface   IP Address      Subnet Mask      VLAN
PC1      NIC         172.17.10.21    255.255.255.0    10
PC2      NIC         172.17.20.22    255.255.255.0    20
PC3      NIC         172.17.30.23    255.255.255.0    30
PC4      NIC         172.17.10.24    255.255.255.0    10
PC5      NIC         172.17.20.25    255.255.255.0    20
PC6      NIC         172.17.30.26    255.255.255.0    30

Objectives

Part 1: Verify the Default VLAN Configuration
Part 2: Configure VLANs
Part 3: Assign VLANs to Ports

Background

VLANs are helpful in the administration of logical groups, allowing members of a group to be easily moved, changed, or added. This activity focuses on creating and naming VLANs, and assigning access ports to specific VLANs.


Part 1: View the Default VLAN Configuration

Step 1: Display the current VLANs.

On S1, issue the command that displays all VLANs configured. By default, all interfaces are assigned to VLAN 1.

Step 2: Verify connectivity between PCs on the same network.

Notice that each PC can ping the other PC that shares the same network.
• PC1 can ping PC
• PC2 can ping PC
• PC3 can ping PC
Pings to PCs in other networks fail.

What benefit will configuring VLANs provide to the current configuration?
The primary benefits of using VLANs are as follows: security, cost reduction, higher performance, broadcast storm mitigation, improved IT staff efficiency, and simpler project and application management.

Part 2: Configure VLANs

Step 1: Create and name VLANs on S1.

Create the following VLANs. Names are case-sensitive:
• VLAN 10: Faculty/Staff
• VLAN 20: Students
• VLAN 30: Guest(Default)
• VLAN 99: Management&Native

S1(config)# vlan 10
S1(config-vlan)# name Faculty/Staff
S1(config-vlan)# vlan 20
S1(config-vlan)# name Students
S1(config-vlan)# vlan 30
S1(config-vlan)# name Guest(Default)
S1(config-vlan)# vlan 99
S1(config-vlan)# name Management&Native

Step 2: Verify the VLAN configuration.

Which command will only display the VLAN name, status, and associated ports on a switch?
S1# show vlan brief

Step 3: Create the VLANs on S2 and S3.

Using the same commands from Step 1, create and name the same VLANs on S2 and S3.